LloydLabs / wsb-detect
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
☆353Updated last year
Related projects ⓘ
Alternatives and complementary repositories for wsb-detect
- A way to delete a locked file, or current running executable, on disk.☆496Updated 3 months ago
- Just another Windows Process Injection☆389Updated 4 years ago
- Adaptive DLL hijacking / dynamic export forwarding☆724Updated 4 years ago
- Evade sysmon and windows event logging☆611Updated 4 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆715Updated 3 years ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆329Updated 3 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆631Updated 8 months ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆519Updated 8 months ago
- Windows 10 UAC bypass for all executable files which are autoelevate true .☆635Updated 4 years ago
- Phantom DLL hollowing PoC☆350Updated 2 years ago
- A Bind Shell Using the Fax Service and a DLL Hijack☆322Updated 4 years ago
- ☆462Updated last year
- Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)☆409Updated 3 years ago
- Bypass UAC by hijacking a DLL located in the Native Image Cache☆207Updated 2 years ago
- Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]☆564Updated 2 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆685Updated 4 years ago
- A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …☆870Updated 3 years ago
- Yet another variant of Process Hollowing☆354Updated 8 months ago
- Windows - Weaponizing privileged file writes with the Update Session Orchestrator service☆378Updated 4 years ago
- A .NET Framework 4.0 Windows Agent☆452Updated this week
- Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.☆439Updated 5 months ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,081Updated last year
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆544Updated 3 years ago
- Command line interface to dump LSASS memory to disk via SilentProcessExit☆442Updated 3 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆239Updated 4 years ago
- some gadgets about windows process and ready to use :)☆573Updated last year
- CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege☆339Updated 2 years ago
- Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions☆477Updated 3 years ago
- A modular C2 framework☆396Updated last month